CLAIMS 

What is claimed is: 

1. A method of controlling access to resources, said method 
5 comprising: 

storing a policy decision for a resource in local memory, said policy 
decision received from a source of policy definitions, said policy decision based 
on a policy definition governing access to said resource and on requestor 
identifying information provided to said source; 
10 receiving a request for access to said resource, said request comprising 

said requestor identifying information; and 

evaluating said request using said policy decision in said local memory 
instead of referring said request to said source for evaluation. 

15 2. The method of Claim 1 wherein said resource is affiliated with 

another resource, and wherein further a policy decision for said other resource 
is received from said source and stored in local memory. 

3. The method of Claim 1 further comprising: 

20 receiving from said source a notification of a change in said policy 

definition. 

4. The method of Claim 3 wherein said notification identifies 
resources affected by said change. 

25 

5. The method of Claim 3 wherein said notification also comprises an 
updated version of said policy decision based on said change. 
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6. The method of Claim 3 further comprising: 
marking said policy decision subject to said change; and 
requesting an updated version of said policy decision in response to a 

5 subsequent request for said resource. 

7. The method of Claim 1 further comprising: 

sending a message to said source, said message requesting updates for 
policy decisions stored in said memory. 

10 

8. The method of Claim 1 wherein a period of time said policy 
decision is valid is also received from said source and stored locally. 

9. The method of Claim 1 wherein a condition associated with said 
15 policy definition is also received from said source and stored locally, wherein 

said condition is enforced locally. 

10. A method of controlling access to resources, said method 
comprising: 

20 receiving a request for access to a resource, said request comprising 

requestor identifying information, wherein said request is referred to a source of 
a policy definition that governs access to said resource for evaluation; 

receiving from said source a policy decision for said resource, said policy 
decision based on said policy definition and said requestor identifying 

25 information; and 
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storing said policy decision in local memory, wherein a subsequent 
request for said resource is evaluated locally using said policy decision stored 
in memory. 

1 1 . The method of Claim 10 wherein said resource is affiliated with 
another resource, wherein a policy decision for said other resource is received 
from said source and stored in local memory. 

12. The method of Claim 10 further comprising: 

receiving from said source a notification of a change in said policy 
definition. 

13. The method of Claim 12 wherein said notification identifies 
resources affected by said change. 

14. The method of Claim 12 wherein said notification also comprises 
an updated version of said policy decision based on said change. 

15. The method of Claim 12 further comprising: 
marking said policy decision subject to said change; and 
requesting an updated version of said policy decision in response to a 

subsequent request for said resource. 

16. The method of Claim 10 further comprising: 

sending a message to said source, said message requesting updates to 
policy decisions stored in said memory. 
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17. The method of Claim 10 further comprising: 
receiving information that identifies a period of time said policy decision 
is valid. 



5 



18. The method of Claim 10 further comprising: 



receiving from said source a condition associated with said policy 
definition, wherein said condition is enforced locally. 

19. A computer-usable medium having computer-readable program 
10 code embodied therein for causing a computer system to perform a method of 
controlling access to resources, said method comprising: 

storing in memory a policy decision for a first resource, said policy 
decision received from a source of policy definitions, said policy decision based 
on a policy definition governing access to said first resource and on requestor 
15 identifying information provided to said source; 

receiving a request for access to said first resource, said request 
comprising said requestor identifying information; and 

evaluating said request using said policy decision stored in said memory 
instead of referring said request to said source for evaluation. 



20. The computer-usable medium of Claim 19 wherein said first 
resource is affiliated with another resource, wherein a policy decision for said 
other resource is received from said source and stored in local memory. 



20 



25 



21. The computer-usable medium of Claim 19 wherein said computer- 



readable program code embodied therein causes said computer system to 
perform said method comprising: 
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receiving from said source a notification of a change in said policy 
definition. 



22. The computer-usable medium of Claim 19 wherein said computer- 
5 readable program code embodied therein causes said computer system to 
perform said method comprising: 

sending a message to said source, said message requesting updates for 
policy decisions stored in said memory. 

10 23. The computer-usable medium of Claim 19 wherein a period of 

time said policy decision is valid is also received from said source and stored 
locally. 



24. The computer-usable medium of Claim 19 wherein a condition 
15 associated with said policy definition is also received from said source and 
stored locally, wherein said condition is enforced locally. 



25. The computer-usable medium of Claim 19 wherein said computer- 
readable program code embodied therein causes said computer system to 
20 perform said method comprising: 

receiving a request for access to a second resource, said request 
comprising said requestor identifying information; 

providing said requestor identifying information to a source of a policy 
definition that governs access to said second resource; 
25 receiving from said source a policy decision for said second resource, 

said policy decision for said second resource based on said policy definition 
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that governs said second resource and said requestor identifying information; 
and 

storing said policy decision for said second resource in said memory, 
wherein a subsequent request for said second resource is evaluated using said 
5 policy decision stored in said memory. 
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